Plain English first. Each section below starts with a plain-language summary before the full legal detail. You should never have to wade through legalese to understand what we do with your data.
Who We Are
In plain English: Vtech Consulting Ltd is the company responsible for your data. We're a UK-registered technology consultancy.
Vtech Consulting Ltd ("Vtech", "we", "us", "our") is the data controller for personal information collected via our website at www.vtech.consulting and through our consulting engagements.
We are registered in England and Wales. For any data protection matters, you can reach our data controller at [email protected] or by calling +44 (0)20 3488 8455.
This policy applies to personal data we collect when you visit our website, contact us, engage our services, or interact with us in any other way. It complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
What We Collect
In plain English: We collect information you give us directly (like your name and email), and some technical data automatically when you visit our site (like your IP address). We don't buy data from third parties.
We may collect and process the following categories of personal data:
| Category | Examples | Source |
|---|---|---|
| Identity data | First name, last name, job title | You provide directly |
| Contact data | Email address, phone number, company name | You provide directly |
| Communication data | Messages sent via our contact form or email | You provide directly |
| Technical data | IP address, browser type, device type, pages visited, time on site | Automatically via your browser |
| Usage data | How you navigate and interact with our website | Automatically via your browser |
| Engagement data | Notes from calls or meetings, proposals, project scopes | Generated during our working relationship |
We do not collect special categories of personal data (such as health data, biometric data, or data about racial or ethnic origin) and we do not knowingly collect data from individuals under the age of 18.
How We Use Your Data
In plain English: We use your data to respond to enquiries, deliver our services, and improve our website. We do not use your data for advertising or sell it to anyone.
We use your personal data for the following purposes:
- Responding to enquiries — to reply to contact form submissions, emails, or calls you initiate with us.
- Delivering services — to carry out consulting engagements, communicate project updates, share deliverables, and invoice for work.
- Business operations — to maintain our records, manage our accounts, and fulfil legal and contractual obligations.
- Website improvement — to understand how our website is used and make it better. We use anonymised or aggregated data for this purpose wherever possible.
- Marketing communications — where you have opted in, we may send occasional updates about our services or insights relevant to your industry. You can opt out at any time.
- Legal compliance — to comply with applicable law, court orders, or regulatory obligations.
We will never sell your personal data, use it for profiling or automated decision-making that significantly affects you, or share it with third parties for their own marketing purposes.
Legal Basis for Processing
In plain English: UK GDPR requires us to have a valid legal reason for processing your data. Here's what we rely on.
| Purpose | Legal Basis |
|---|---|
| Responding to your enquiries | Legitimate interests (responding to communications directed to us) |
| Delivering contracted services | Performance of a contract |
| Invoicing and financial records | Legal obligation (Companies Act, tax legislation) |
| Website analytics | Legitimate interests (improving our service) |
| Marketing communications | Consent (opt-in only) |
| Legal compliance | Legal obligation |
Sharing Your Data
In plain English: We don't sell or trade your data. We only share it with trusted service providers who help us run our business, and only to the extent necessary.
We may share your personal data with the following categories of third parties:
- IT and hosting providers — cloud infrastructure providers used to host our website and store data securely (e.g. AWS, Microsoft Azure). All providers are vetted and bound by data processing agreements.
- Professional advisors — our accountants, legal advisors, or insurers where required. These parties are bound by confidentiality obligations.
- Regulatory authorities — HMRC, the ICO, or law enforcement where we are legally required to disclose information.
- Sub-contractors — if we engage specialist sub-contractors to assist with a client engagement, we will inform you and ensure appropriate data protection agreements are in place.
We do not transfer personal data outside the UK or EEA unless adequate safeguards are in place (such as standard contractual clauses or adequacy decisions). Any international transfers are documented and protected in accordance with UK GDPR requirements.
How Long We Keep Your Data
In plain English: We keep your data only as long as we need it. Financial records stay for 6 years (as required by law); enquiry data is typically deleted within 12 months if no engagement follows.
| Data Type | Retention Period |
|---|---|
| Enquiry / contact form data | 12 months from last contact if no engagement follows |
| Client engagement records | 6 years from end of engagement (legal requirement) |
| Invoices and financial records | 6 years (Companies Act / HMRC requirement) |
| Email correspondence | 3 years from last contact, or 6 years if engagement-related |
| Website analytics data | Up to 26 months (anonymised where possible) |
| Marketing consent records | Until consent is withdrawn, plus 1 year thereafter |
After the applicable retention period, personal data is securely deleted or anonymised so it can no longer be linked to you.
Your Rights
In plain English: You have real rights over your data — including the right to see it, correct it, delete it, or object to how we use it. Just email us and we'll respond within one month.
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access — you can request a copy of the personal data we hold about you (a "Subject Access Request"). We will respond within one calendar month.
- Right to rectification — if any information we hold about you is inaccurate or incomplete, you have the right to have it corrected.
- Right to erasure — you can ask us to delete your personal data where we no longer have a legal basis to hold it, subject to our legal retention obligations.
- Right to restrict processing — you can ask us to pause processing of your data in certain circumstances (for example, while a rectification request is being considered).
- Right to data portability — where processing is based on your consent or a contract, you can request your data in a structured, machine-readable format.
- Right to object — you can object to processing based on legitimate interests at any time. We will cease processing unless we can demonstrate compelling legitimate grounds.
- Right to withdraw consent — where we rely on consent (e.g. marketing emails), you can withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at [email protected]. We do not charge a fee for these requests. If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
Cookies
In plain English: Our website uses minimal cookies — essential ones to make the site work, and optional analytics ones to understand how it's used. We don't use advertising cookies.
Cookies are small text files stored on your device by your browser. We use the following types:
| Cookie Type | Purpose | Consent Required |
|---|---|---|
| Strictly necessary | Core website functionality (e.g. security, form submissions) | No — these are essential |
| Analytics | Understanding how visitors use our site (anonymised where possible) | Yes — opt-in only |
| Preference | Remembering settings such as language or cookie consent choices | No — functional |
We do not use advertising, tracking, or social media cookies. You can manage or delete cookies through your browser settings at any time. Disabling cookies may affect some functionality of our website.
Security
In plain English: We take security seriously. Your data is protected by industry-standard technical measures and we limit who can access it internally.
We have implemented appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. These include:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Access controls limiting data to those with a business need
- Regular review of our IT systems and security practices
- Use of reputable, vetted cloud infrastructure providers
- Secure deletion procedures at end of retention periods
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay, in accordance with our obligations under UK GDPR.
Changes to This Policy
In plain English: If we update this policy, we'll note the date at the top and, for significant changes, let you know directly.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The "Last updated" date at the top of this page will always indicate when the most recent changes were made.
For material changes — those that significantly affect your rights or how we use your data — we will notify you directly by email (if we hold your contact details) or by posting a prominent notice on our website before the changes take effect.
We encourage you to review this page periodically. Your continued use of our website or services after any update constitutes acceptance of the revised policy.
Contact Us
In plain English: Any questions about this policy or your data — just email us. We'll get back to you within one business day.
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
United Kingdom
If you remain unsatisfied after contacting us, you may raise a concern with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF